Efficient Detection of All Pointer and Array Access Errors, 1994
Cited by 248 (1 self)
We present a pointer and array access checking technique that provides complete error coverage through a simple set of program transformations. Our technique, based on an extended safe pointer representation, has a number of novel aspects. Foremost, it is the first technique that detects all spatial and temporal access errors. Its use is not limited by the expressiveness of the language; that is, it can be applied successfully to compiled or interpreted languages with subscripted and mutable pointers, local references, and explicit and typeless dynamic storage management, e.g., C. Because it is a source level transformation, it is amenable to both compile- and run-time optimization. Finally, its performance, even without compile-time optimization, is quite good. We implemented a prototype translator for the C language and analyzed the checking overheads of six non-trivial, pointer intensive programs. Execution overheads range from 130% to 540%, with text and data size overheads typically below 100%.
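The spatial half of the "safe pointer" idea in the abstract, as an added illustration (not the authors' translator output): the pointer value travels with the base and size of the object it was derived from, so each access is bounds-checked while pointer arithmetic itself stays legal. The class name SafePtr, the offset-based layout and the sample functions are assumptions made for this example.

```cpp
#include <cstddef>
#include <stdexcept>

// A pointer that knows the extent of the object it points into. The current
// position is kept as a byte offset from base rather than as a raw pointer, so
// forming an out-of-bounds value (C allows one-past-the-end) never performs
// out-of-bounds raw arithmetic; only a dereference is checked.
template <typename T>
class SafePtr {
public:
    SafePtr(T* base, std::size_t count)
        : base_(base), size_(count * sizeof(T)), offset_(0) {}

    // Arithmetic only moves the offset; it is never an error by itself.
    SafePtr operator+(std::ptrdiff_t n) const {
        SafePtr p = *this;
        p.offset_ += n * static_cast<std::ptrdiff_t>(sizeof(T));
        return p;
    }
    SafePtr& operator++() {
        offset_ += static_cast<std::ptrdiff_t>(sizeof(T));
        return *this;
    }

    // Spatial check: the whole T being accessed must lie inside [base, base+size).
    bool in_bounds() const {
        return offset_ >= 0 &&
               static_cast<std::size_t>(offset_) + sizeof(T) <= size_;
    }

    T& operator*() const {
        if (!in_bounds()) throw std::out_of_range("spatial access error");
        return *reinterpret_cast<T*>(reinterpret_cast<char*>(base_) + offset_);
    }
    T& operator[](std::ptrdiff_t i) const { return *(*this + i); }

private:
    T* base_;
    std::size_t size_;
    std::ptrdiff_t offset_;
};

// Classic off-by-one loop over a 4-element array (constructed sample data):
// with bound 4 the sum is 10; with bound 5 the fifth read is caught before it
// touches memory and the function returns -1.
int sum_first_n(int n) {
    int data[4] = {1, 2, 3, 4};
    SafePtr<int> p(data, 4);
    int sum = 0;
    try {
        for (int i = 0; i < n; ++i) sum += p[i];
    } catch (const std::out_of_range&) {
        return -1;  // checker fired
    }
    return sum;
}

// Negative subscripts are just as invalid as overruns.
bool negative_index_is_caught() {
    int data[2] = {5, 6};
    SafePtr<int> p(data, 2);
    try { (void)p[-1]; } catch (const std::out_of_range&) { return true; }
    return false;
}

// A pointer one past the end may be formed (C uses it as a loop sentinel) but
// must not be dereferenced.
bool one_past_end_formed_but_not_dereferenced() {
    int data[3] = {0, 0, 0};
    SafePtr<int> end = SafePtr<int>(data, 3) + 3;
    if (end.in_bounds()) return false;
    try { (void)*end; } catch (const std::out_of_range&) { return true; }
    return false;
}
```

Temporal errors (use after free, dangling references to popped stack frames) need an additional liveness tag on the pointer, which the abstract groups under the same representation; this sketch covers only the bounds part.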
Storage Management
Cited by 4 (0 self)
We present HeapSafe, a tool that uses reference counting to dynamically verify the soundness of manual memory management of C programs. HeapSafe relies on a simple extension to the usual malloc/free memory management API: delayed free scopes during which otherwise dangling references can exist. Porting programs for use with HeapSafe typically requires little effort (on average 0.6% of lines change), adds an average 11% time overhead (84% in the worst case), and increases space usage by an average of 13%. These results are based on porting over half a million lines of C code, including perl where we found six previously unknown bugs. Many existing C programs continue to use unchecked manual memory management. One reason is that programmers fear that moving to garbage collection is too big a risk. We believe that HeapSafe is a practical way to provide safe memory management for such programs. Since HeapSafe checks existing memory management rather than changing it, programmers need not worry that HeapSafe will introduce new bugs; and, since HeapSafe does not manage memory itself, programmers can choose to deploy their programs without HeapSafe if performance is critical (a simple header file allows HeapSafe programs to compile and run with a regular C compiler). In contrast, we found that garbage collection, although faster, had much higher space overhead, and occasionally caused a space-usage explosion that made the program unusable.
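The checking discipline the HeapSafe abstract describes, as an added sketch (not HeapSafe's own code or API): every block carries a count of the pointers referring to it, free is verified rather than trusted, and inside a delayed free scope the verification is postponed until the scope closes so that references may dangle temporarily. The names rc_alloc, rc_free, delayed_free_begin/end and RcPtr, the header layout and the three scenarios are assumptions for this illustration.

```cpp
#include <cstddef>
#include <cstdlib>
#include <vector>

// Hidden header in front of each block: how many RcPtr instances point at it.
struct BlockHeader {
    std::size_t refcount;
};

static std::vector<BlockHeader*> g_pending;  // frees deferred by an open delayed-free scope
static int g_scope_depth = 0;
static int g_dangling_errors = 0;

static BlockHeader* header_of(const void* p) {
    return const_cast<BlockHeader*>(static_cast<const BlockHeader*>(p) - 1);
}

template <typename T>
T* rc_alloc() {
    BlockHeader* h = static_cast<BlockHeader*>(
        std::malloc(sizeof(BlockHeader) + sizeof(T)));
    h->refcount = 0;
    return reinterpret_cast<T*>(h + 1);
}

// A counted pointer: copying increments, destruction decrements. A real tool
// instruments every pointer assignment in the program; this class does it by hand.
template <typename T>
class RcPtr {
public:
    RcPtr() : p_(nullptr) {}
    explicit RcPtr(T* p) : p_(p) { acquire(); }
    RcPtr(const RcPtr& o) : p_(o.p_) { acquire(); }
    RcPtr& operator=(const RcPtr& o) {
        if (this != &o) { release(); p_ = o.p_; acquire(); }
        return *this;
    }
    ~RcPtr() { release(); }
    T* get() const { return p_; }
    void reset() { release(); p_ = nullptr; }

private:
    void acquire() { if (p_) ++header_of(p_)->refcount; }
    void release() { if (p_) --header_of(p_)->refcount; }
    T* p_;
};

// Reclaim the block, or report it if references still exist. A reported block
// is deliberately leaked so the stale pointers can still count down safely.
static void finish_free(BlockHeader* h) {
    if (h->refcount != 0) { ++g_dangling_errors; return; }
    std::free(h);
}

void rc_free(void* p) {
    BlockHeader* h = header_of(p);
    if (g_scope_depth > 0) g_pending.push_back(h);  // check deferred to scope end
    else finish_free(h);
}

void delayed_free_begin() { ++g_scope_depth; }

void delayed_free_end() {
    if (--g_scope_depth > 0) return;  // only the outermost scope settles
    std::vector<BlockHeader*> pending;
    pending.swap(g_pending);
    for (BlockHeader* h : pending) finish_free(h);
}

// Scenario 1: no scope. Freeing while a second pointer still refers to the
// block is reported at the free itself.
int errors_for_immediate_dangling_free() {
    g_dangling_errors = 0;
    {
        RcPtr<int> a(rc_alloc<int>());
        RcPtr<int> b = a;   // two references
        rc_free(a.get());   // b would dangle: reported, block leaked
    }
    return g_dangling_errors;
}

// Scenario 2: inside a delayed free scope a reference may dangle for a while,
// as long as it is gone by the time the scope closes.
int errors_for_dangling_dropped_before_scope_end() {
    g_dangling_errors = 0;
    {
        RcPtr<int> a(rc_alloc<int>());
        RcPtr<int> b = a;
        delayed_free_begin();
        rc_free(a.get());   // deferred; b still points at the block
        a.reset();
        b.reset();          // last reference dropped inside the scope
        delayed_free_end(); // refcount is 0: block reclaimed, no error
    }
    return g_dangling_errors;
}

// Scenario 3: a reference that outlives the scope is a genuine bug.
int errors_for_dangling_surviving_scope() {
    g_dangling_errors = 0;
    RcPtr<int> keep;
    {
        RcPtr<int> a(rc_alloc<int>());
        keep = a;
        delayed_free_begin();
        rc_free(a.get());
        a.reset();
        delayed_free_end(); // keep still refers to the block: reported
    }
    return g_dangling_errors;
}
```

The scope is what makes the scheme practical for existing code: linked-structure teardown routinely frees a node while a sibling pointer still refers to it, and without the deferral every such site would be a false positive.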
Software: Practice and Experience, Vol. 22(4), 305-316 (April 1992)
INTRODUCTION
The need for run-time checking of array subscripts and pointer bounds is apparent to any experienced C programmer. For example, it once took six months to find the cause of an intermittent bug because it could not be reliably reproduced. Saying that some other language should have been used instead of C is not productive, as each language has its problems, and there are usually several constraints that lead to the choice of a particular language. A language may do run-time checking by definition or through a standard implementation, e.g. SNOBOL4, or make it easy to implement run-time checking of pointers, e.g. ALGOL 68 requires the run-time maintenance of pointer bounds for use by the lower- and upper-bound operators [2]. A language may restrict operations on pointers, such as PL/1 or Pascal [4, 5], thus eliminating some types of run-time errors. However, the C language allows completely unrestricted use of pointers, including pointer arithmetic and conversion o
Software: Practice and Experience, Vol. 23(7), 693-710 (July 1993)
... this paper, we propose a simple technique that works equally well for both of these latter two types of semantics, and whose efficiency compares favorably for certain realistic programs with more traditional implementations of these semantics. Furthermore, we provide a mechanism for using this technique through Ada implementations of two abstract data types where undefined variables respectively exhibit these two types of semantics, and whose implementations of these semantics use our technique. These abstract data types allow our technique to be selectively used in strictly those situations where the cost of the technique is justified. We provide practical examples illustrating these situations.
The Detection of C++ Programs
The smart pointer is a programming technique for the C++ language that extends the functionality of the simple pointer. Smart pointers have previously been used to support persistence, distributed objects, reference counting, and garbage collection. This article will show how smart pointers can provide an inexpensive method for detecting dangling pointers to dynamic objects that can be added to any standard C++ implementation.
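One way a smart pointer can detect dangling references, as an added example (the page does not describe the article's own mechanism, so the registry, serial numbers and the names Checked, checked_new and checked_delete are assumptions for this illustration): each object created through checked_new gets a serial number recorded in a table of live objects, and the smart pointer remembers the serial it was created with. A dereference looks the serial up, so a handle to a deleted object, or to a recycled address that now holds a newer object, is refused.

```cpp
#include <cstddef>
#include <stdexcept>
#include <unordered_map>
#include <utility>

struct DanglingPointer : std::logic_error {
    using std::logic_error::logic_error;
};

// address -> serial of the object currently living there
static std::unordered_map<const void*, unsigned long> g_live;
static unsigned long g_next_serial = 0;

template <typename T>
class Checked {
public:
    Checked() : p_(nullptr), serial_(0) {}
    Checked(T* p, unsigned long serial) : p_(p), serial_(serial) {}

    // Live only if the address is registered with the serial this handle saw.
    bool is_live() const {
        auto it = g_live.find(p_);
        return it != g_live.end() && it->second == serial_;
    }
    T& operator*() const { verify(); return *p_; }
    T* operator->() const { verify(); return p_; }
    T* raw() const { return p_; }

private:
    void verify() const {
        if (!is_live()) throw DanglingPointer("dereference of dangling pointer");
    }
    T* p_;
    unsigned long serial_;
};

template <typename T, typename... Args>
Checked<T> checked_new(Args&&... args) {
    T* p = new T(std::forward<Args>(args)...);
    unsigned long serial = ++g_next_serial;  // never reused, so a recycled address is still caught
    g_live[p] = serial;
    return Checked<T>(p, serial);
}

template <typename T>
void checked_delete(const Checked<T>& ptr) {
    if (!ptr.is_live())
        throw DanglingPointer("delete through dangling pointer (double delete?)");
    g_live.erase(ptr.raw());
    delete ptr.raw();
}

// Normal use: create, read, delete.
int read_live_object() {
    Checked<int> a = checked_new<int>(7);
    int v = *a;
    checked_delete(a);
    return v;
}

// A second handle to the same object dangles once the first deletes it.
bool dangling_read_is_detected() {
    Checked<int> a = checked_new<int>(1);
    Checked<int> b = a;
    checked_delete(a);
    try { (void)*b; } catch (const DanglingPointer&) { return true; }
    return false;
}

bool double_delete_is_detected() {
    Checked<int> a = checked_new<int>(2);
    checked_delete(a);
    try { checked_delete(a); } catch (const DanglingPointer&) { return true; }
    return false;
}

// Address reuse: a small block freed and re-allocated often comes back at the
// same address. The stale handle is rejected either way because its serial
// no longer matches, while the fresh handle keeps working.
bool stale_handle_rejected_after_address_reuse() {
    Checked<int> stale = checked_new<int>(3);
    checked_delete(stale);
    Checked<int> fresh = checked_new<int>(4);
    bool stale_rejected = !stale.is_live();
    bool fresh_ok = fresh.is_live() && *fresh == 4;
    checked_delete(fresh);
    return stale_rejected && fresh_ok;
}
```

The cost is one hash lookup per dereference and a table entry per object, and nothing is required of the compiler, which is what lets such a check be dropped into a standard C++ implementation; raw pointers obtained through raw() bypass it entirely.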